forked from rciam/OpenConext-oidc
ServiceProviderTranslationService.java
package oidc.saml;

/**
 * The OAuth spec https://tools.ietf.org/html/rfc6749 dictates:
 *
 *   The authorization server MUST support the HTTP Basic
 *   authentication scheme for authenticating clients that were issued a
 *   client password
 *
 * The HTTP Authentication spec https://tools.ietf.org/html/rfc2617 dictates:
 *
 *   userid = *<TEXT excluding ":">
 *
 * ServiceProviders in the SURFconext federation have an entity-id that we
 * must use to scope the AuthN request. The entity-id by convention contains
 * a ':'. For example: https://oidc.localhost.surfconext.nl
 *
 * We want to use the entity-id of an SP as the client_id of an OAuth / OpenID Connect
 * client. However, this breaks the Basic Authentication requirement above, because
 * the userid may not contain a ':'.
 *
 * We therefore must translate the client_id to an SP entity-id and vice versa.
 */
public interface ServiceProviderTranslationService {

    /** Translates an SP entity-id into a client_id that is usable as a Basic Authentication userid. */
    String translateServiceProviderEntityId(String entityId);

    /** Translates a client_id back into the SP entity-id used to scope the AuthN request. */
    String translateClientId(String clientId);
}
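
The problem described in the comment above, as an added example that is not part of this repository: a Basic-auth parser cuts the userid at the first ':', so a raw entity-id is truncated, while a colon-free client_id round-trips. The class name, the "@0"/"@1" escaping scheme and the secret are assumptions made for illustration and are not the project's actual translation.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
// Added example: hypothetical class and escaping scheme, not the project's own implementation.
public class ColonFreeClientIdExample {

    // entity-id -> client_id: '@' becomes "@0", ':' becomes "@1", so no ':' remains.
    static String translateServiceProviderEntityId(String entityId) {
        return entityId.replace("@", "@0").replace(":", "@1");
    }

    // client_id -> entity-id: strict inverse; rejects a raw ':' and malformed escapes.
    static String translateClientId(String clientId) {
        StringBuilder out = new StringBuilder();
        for (int i = 0; i < clientId.length(); i++) {
            char c = clientId.charAt(i);
            if (c == ':') throw new IllegalArgumentException("client_id must not contain ':'");
            if (c != '@') { out.append(c); continue; }
            if (++i == clientId.length()) throw new IllegalArgumentException("dangling escape");
            char code = clientId.charAt(i);
            if (code == '0') out.append('@');
            else if (code == '1') out.append(':');
            else throw new IllegalArgumentException("unknown escape @" + code);
        }
        return out.toString();
    }

    // What a Basic-auth parser does: the userid ends at the first ':'.
    static String useridFromBasicHeader(String header) {
        byte[] raw = Base64.getDecoder().decode(header.substring("Basic ".length()));
        String credentials = new String(raw, StandardCharsets.UTF_8);
        return credentials.substring(0, credentials.indexOf(':'));
    }

    static String basicHeader(String userid, String password) {
        byte[] pair = (userid + ":" + password).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(pair);
    }

    public static void main(String[] args) {
        String entityId = "https://oidc.localhost.surfconext.nl"; // example from the comment above
        String secret = "constructed-secret";                      // constructed sample value
        // Raw entity-id as userid: the parser cuts it at the first ':'.
        System.out.println(useridFromBasicHeader(basicHeader(entityId, secret)));
        // Translated client_id survives the header and maps back to the entity-id.
        String clientId = translateServiceProviderEntityId(entityId);
        String parsed = useridFromBasicHeader(basicHeader(clientId, secret));
        System.out.println(parsed + " -> " + translateClientId(parsed));
    }
}
```

Escaping '@' before ':' keeps the mapping reversible for entity-ids that already contain '@'; a plain one-way character substitution would not be.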